On 2014-01-12 14:56, cmcgrath5035 wrote:
> So, I read your answer “Well,it is not mounted…” and thought about it
> a while, then realized I had created my testfile in the unencrypted
> directory /home/carl/srvc which would be the mount point for the
> encrypted filesystem image. Seeing that file misled me into thinking it
> was already mounted.
>
> Oops, sorry about that!
>
> I went back to Carlos’ example in #2 and read enough man pages to
> understand the error in my ways.
>
> Carlos - in answer to your question, the YAST-Partitioner assigned the
> points cr_srv2 and loop0. I had selected the “Create loop file”
> checkbox.
>
> Following Carlos’ example, I edited the entry in /etc/crypttab to
> “noauto” so that the image file would not be opened on boot.
>
> What follows is the sequence of commands to mount the encrypted file
> system image in /home/carl/srv2 at mount point /home/carl/srvc after
> reboot.
>
> Code:
> --------------------
> # cryptsetup open /dev/loop0 /home/carl/srv2
> >>>> I decided to try the systemd service to do the mount
> # systemctl start /home/carl/srvc
> Job for home-carl-srvc.mount failed. See ‘systemctl status home-carl-srvc.mount’ and ‘journalctl -xn’ for details.
> PVE-LinuxSRV5:/home/carl # systemctl status /home/carl/srvc
> home-carl-srvc.mount - /home/carl/srvc
> Loaded: loaded (/etc/fstab)
> Active: failed (Result: exit-code) since Sun 2014-01-12 07:31:21 EST; 46s ago
> Where: /home/carl/srvc
> What: /home/carl/srv2
> Process: 6554 ExecMount=/bin/mount /home/carl/srv2 /home/carl/srvc -t crypt -o loop,user,noauto,acl,nofail (code=exited, status=1/FAILURE)
>
> Jan 12 07:31:20 PVE-LinuxSRV5 systemd[1]: Mounting /home/carl/srvc…
> Jan 12 07:31:20 PVE-LinuxSRV5 systemd[1]: home-carl-srvc.mount: Directory /home/carl/srvc to mount over is not empty, mounting anyway.
> Jan 12 07:31:20 PVE-LinuxSRV5 mount[6554]: NOTE: mount.crypt does not support utab (systems with no mtab or read-only mtab) yet. Th…ounted.
> Jan 12 07:31:21 PVE-LinuxSRV5 mount[6554]: Password: crypt_activate_by_passphrase: Operation not permitted
> Jan 12 07:31:21 PVE-LinuxSRV5 systemd[1]: home-carl-srvc.mount mount process exited, code=exited status=1
> Jan 12 07:31:21 PVE-LinuxSRV5 systemd[1]: Failed to mount /home/carl/srvc.
> Jan 12 07:31:21 PVE-LinuxSRV5 systemd[1]: Unit home-carl-srvc.mount entered failed state.
> Hint: Some lines were ellipsized, use -l to show in full.
>
> >>>>> It failed - does not support interactive entry of passphrase
> # mount /home/carl/srvc
> NOTE: mount.crypt does not support utab (systems with no mtab or read-only mtab) yet. This means that you will temporarily need to call umount.crypt(8) rather than umount(8) to get crypto volumes unmounted.
> Password:
> >>>>>At this point, after entering the encryption passphrase, the encrypted file system is accessible in Dolphin
>
> >>>>>Below - display some info
> # cat /etc/crypttab
> cr_srv2 /home/carl/srv2 none noauto
> # grep srvc /etc/fstab
> /home/carl/srv2 /home/carl/srvc crypt loop,user,noauto,acl,nofail 0 0
> # grep srvc /etc/mtab
> /dev/mapper/_dev_loop0 /home/carl/srvc ext4 rw,nosuid,nodev,noexec,relatime,data=ordered 0 0
> # systemctl status -l /home/carl/srvc
> home-carl-srvc.mount - /home/carl/srvc
> Loaded: loaded (/etc/fstab)
> Active: active (mounted) (Result: exit-code) since Sun 2014-01-12 07:34:52 EST; 42min ago
> Where: /home/carl/srvc
> What: /dev/mapper/_dev_loop0
> Process: 6554 ExecMount=/bin/mount /home/carl/srv2 /home/carl/srvc -t crypt -o loop,user,noauto,acl,nofail (code=exited, status=1/FAILURE)
> >>>> this error message seems left over from the failed attempt to mount via the service.
> >>>> The current status, mounted, is correct.
>
> --------------------
>
>
> Thanks for the examples and dialog - a worthwhile learning experience.

It is not clear to me whether you managed to mount it or not :-?

If not, I suggest you do:

/etc/crypttab:

    cr_srv2 /home/carl/srv2 none noauto

which I think is how you have it. Then, in fstab, have the line:

> /dev/mapper/cr_srv2 /home/carl/srvc ext4 noauto,nofail,rw,nosuid,nodev,noexec,relatime,data=ordered 1 1

For activation, you need to do:

    cryptsetup luksOpen /home/_var_data/data.crf cr_srv2

which will ask for the password. At this point, you can use “losetup
-all” and you will see the loop device in existence, even if it is not
declared in the fstab line. Look at mine:

    minas-tirith:~ # losetup -all
    NAME SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE
    /dev/loop0 0 0 1 0 /home/_var_data/data.crf
    minas-tirith:~ #

You can at this point run an fsck on the device, because it already
exists and it is decrypted, appearing at “/dev/mapper/cr_srv2”. See mine:

    minas-tirith:~ # file -s /dev/mapper/cr_sysdta
    /dev/mapper/cr_sysdta: symbolic link to `../dm-0'
    minas-tirith:~ # file -s /dev/dm-0
    /dev/dm-0: ReiserFS V3.6
    minas-tirith:~ #

I do not show an fsck because you use ext4, and mine is reiserfs.

Ok, the next step is to mount it:

    mount /home/carl/srvc
    ls /home/carl/srvc

And that’s all. In short, you run:

    cryptsetup luksOpen /home/_var_data/data.crf cr_srv2
    mount /home/carl/srvc
    ls /home/carl/srvc

Note: I add the “ls” line because of the “nofail” option. If, for
whatever reason, the mount fails, the command will not warn of any
error; thus you have to check yourself if it succeeded.

Or, you can simply do like this:

    minas-tirith:~ # systemctl start /data/cripta/
    Please enter passphrase for disk cr_sysdta on /data/cripta!
    ********************
    minas-tirith:~ # mount | grep cripta
    /dev/mapper/cr_sysdta on /data/cripta type reiserfs (rw,noatime)
    minas-tirith:~ #

which is a single step. I don’t like it much, so I wrote my own script
to handle several possibilities. One of the options I have is an fsck of
the device. If you are interested, I can upload it somewhere.

--
Cheers / Saludos,
Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)
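
An added example, not part of the original post or of Carlos's script: the thread shows two ways a look at the directory can mislead (a test file sitting in the unmounted mount point, and `nofail` hiding a failed mount), so this sketch checks the mount table instead of running `ls`. The function names and the sample table are constructed for illustration; it assumes the mapper name `cr_srv2` and mount point `/home/carl/srvc` from the thread and paths without spaces.

```shell
#!/bin/sh
# crypt_mount_state MOUNTPOINT MAPPER_NAME [MOUNTS_TABLE]
# Prints one of: ok | not-mounted | wrong-source:<device>
# Exit status: 0 ok, 1 not mounted, 2 mounted from another device.
crypt_mount_state() {
    mp=${1%/}                      # tolerate one trailing slash
    want="/dev/mapper/$2"
    table=${3:-/proc/mounts}       # default: the live kernel mount table
    # The last matching line wins: a later mount shadows an earlier one.
    src=$(awk -v mp="$mp" '$2 == mp { s = $1 } END { print s }' "$table")
    if [ -z "$src" ]; then
        echo "not-mounted"; return 1
    elif [ "$src" != "$want" ]; then
        echo "wrong-source:$src"; return 2
    fi
    echo "ok"
}

# Constructed sample in /proc/mounts format (not output from a real system).
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
/dev/mapper/cr_srv2 /home/carl/srvc ext4 rw,nosuid,nodev,noexec,relatime,data=ordered 0 0
/dev/mapper/_dev_loop0 /home/carl/other ext4 rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# Demo against the constructed table; omit the third argument to
# check the running system instead.
demo_table=$(mktemp)
write_sample_mounts "$demo_table"
for dir in /home/carl/srvc /home/carl/other /home/carl/empty; do
    state=$(crypt_mount_state "$dir" cr_srv2 "$demo_table") || true
    echo "$dir: $state"
done
rm -f "$demo_table"
```

On a live system, `crypt_mount_state /home/carl/srvc cr_srv2 || exit 1` after the `mount` command stops a script before it writes into the unencrypted directory underneath the mount point.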